Commentary by Rob Enderle, 8/18/2005 02:08 PM

Opinion: Zotob - An Avoidable Worm And The Negligence Factor

Computer industry analyst Rob Enderle says the Zotob incident proves that companies have gotten lax with security upgrades and could be heading toward negligence when it comes to network security.

For much of this week we've been tracking the proliferation of Win32.Peabot, a worm that also goes by the name Zotob. This attack, like many others, came after the disclosure of an exposure in current versions of Windows, continuing the familiar cause-and-effect pattern of patch release followed by virus attack.

This worm has hit a number of high-profile sites, but so far only unpatched Windows 2000 systems have been reported as damaged. This is because the extra work needed to attack an unpatched Windows XP system has delayed, if not prevented, a variant that will attack Windows XP-based systems. This suggests that, at the very least, systems running this newer version have a longer grace period before they can be attacked.

Currently the working theory is that the organizations under attack have not protected themselves against laptop computers that, in attacks like this, act as carriers and physically bypass the perimeter security in place at the company to infect other, normally well-protected, computers. As with most worms of this type, a properly configured firewall will stop the current generation of virus variants cold if the firewall is allowed to perform its function.

What is somewhat scary about this virus incident is that there appears to be a large and growing number of variants, each more damaging than the last, making it look almost like some type of perverted competition between virus writers to see who can do the most damage. It is important to remember that companies with adequate security surrounding laptop use, and those that follow recommended practices for perimeter protection, have likely not been impacted.

The Patching Strategy

This isn't to say you can avoid patching; particularly for small businesses, there is a critical requirement that security patches be applied promptly. We are now down to hours between when a patch is created and when someone reverse engineers it to create a virus that exploits the identified exposure. Virus-checking products are simply not fast enough, as they typically take up to 24 hours to identify a virus, create a response to it, and then distribute that response.

If you are already patched when the virus hits, you are generally immunized against the related virus and most if not all of its variants, while most virus products still have to be updated for each variant. This is particularly true now that many variants are specifically written to bypass popular virus-checking offerings.

Securing Firewalls And Remote Sites

Firewall ports should be closed by default, and only those that need to be open should be open. This latest virus targeted port 445, which is used for file and printer sharing and should never be open on a firewall (this activity, if allowed at all, should occur only within a company, between PCs that never venture outside the perimeter protection currently in place).

What we often forget is that remote offices and employees working from home often drill through firewalls with trusted links like virtual private networks (VPNs). While I personally think VPNs are sometimes a really bad idea, they can't be avoided, and that means the remote site has to be as secure as possible. In effect, if such a link exists, the remote site should be regularly audited to ensure it is adequately protected. In most cases this can be done remotely, but it still needs to be done regularly.
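As an added illustration of the two points above, "closed by default" with port 445 never exposed, and the regular audit of any remotely linked site, here is a small first-match ruleset auditor. It is example code written for this page, not from the column or any product it names; the Rule format, the zone names and the three sample rulesets are constructed assumptions.

```python
# Added example, not code from the column: a tiny first-match firewall
# ruleset auditor for the two properties the text asks for, a default-deny
# policy and no inbound TCP/445 reachable from the outside. The Rule format,
# the zone names and the three sample rulesets are constructed for this example.
from dataclasses import dataclass
from typing import List, Optional

SMB_PORT = 445  # file and printer sharing, the port Zotob targeted

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source zone: "wan", "lan" or "any"
    dport: Optional[int]   # TCP destination port, None matches any port

def deciding_rule(rules: List[Rule], src: str, dport: int) -> Optional[Rule]:
    """First-match semantics: the first rule matching the packet decides."""
    for rule in rules:
        if rule.src in (src, "any") and rule.dport in (None, dport):
            return rule
    return None  # fell off the end: behaviour depends on an implicit policy

def audit(rules: List[Rule]) -> List[str]:
    """Return findings; an empty list means the ruleset passes both checks."""
    findings = []
    # Check 1: closed by default. The last rule must be an unconditional deny,
    # so anything not explicitly allowed above it is dropped.
    if not rules or rules[-1] != Rule("deny", "any", None):
        findings.append("no unconditional deny at the end of the ruleset")
    # Check 2: TCP/445 from the WAN must hit a deny, never an allow or the end.
    rule = deciding_rule(rules, "wan", SMB_PORT)
    if rule is None or rule.action == "allow":
        findings.append(f"TCP/{SMB_PORT} from wan is not blocked (decided by {rule})")
    return findings

# Weak (constructed): allow-by-default, nothing closed at all.
WEAK = [Rule("allow", "any", None)]
# Blacklist (constructed): blocks 445 but leaves every other inbound port open.
BLACKLIST = [Rule("deny", "any", SMB_PORT), Rule("allow", "any", None)]
# Corrected (constructed): only the services the office needs, then deny the rest.
HARDENED = [Rule("allow", "wan", 443), Rule("allow", "wan", 25), Rule("deny", "any", None)]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("blacklist", BLACKLIST), ("hardened", HARDENED)):
        print(name, audit(rules) or "OK")
```

The blacklist case is the one to watch for: it passes the port 445 check yet fails the audit, because closing one port is not the same as being closed by default.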

One product that could help small offices and home offices is the Eli Managed Broadband Security Appliance. It is a remotely managed firewall, router, and access point with heavy content filtering. It is one of the few products I've seen that comes close to delivering affordable and adequate perimeter protection to homes and small offices.

On the physical security front, a common practice in security audits is to go to a remote executive's site and then penetrate the company's security from that inadequately protected site. Just because you don't read about companies being compromised in this way does not mean it isn't happening.
